Skip to content
GitLab
  1. 06 Aug, 2014 5 commits
    • Adam Langley's avatar
      Fix return code for truncated DTLS fragment. · aad61c0a
      Adam Langley authored 
      

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      aad61c0a
    • Adam Langley's avatar
      Fix memory leak from zero-length DTLS fragments. · 8ca4c4b2
      Adam Langley authored 
      

The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      8ca4c4b2
    • Matt Caswell's avatar
      Fix DTLS handshake message size checks. · 0598468f
      Matt Caswell authored 
      

In |dtls1_reassemble_fragment|, the value of
|msg_hdr->frag_off+frag_len| was being checked against the maximum
handshake message size, but then |msg_len| bytes were allocated for the
fragment buffer. This means that so long as the fragment was within the
allowed size, the pending handshake message could consume 16MB + 2MB
(for the reassembly bitmap). Approx 10 outstanding handshake messages
are allowed, meaning that an attacker could consume ~180MB per DTLS
connection.

In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
check was applied.

Fixes CVE-2014-3506

Wholly based on patch by Adam Langley with one minor amendment.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      0598468f
    • Matt Caswell's avatar
      Added comment for the frag->reassembly == NULL case as per feedback from Emilia · ea7cb539
      Matt Caswell authored 
      

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      ea7cb539
    • Adam Langley's avatar
      Avoid double free when processing DTLS packets. · 49850075
      Adam Langley authored 
      The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74

 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      49850075
  3. 01 Aug, 2014 5 commits
  5. 30 Jul, 2014 1 commit
  7. 24 Jul, 2014 1 commit
    • Dr. Stephen Henson's avatar
      Add conditional unit testing interface. · 789b1259
      Dr. Stephen Henson authored 
      

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: default avatarGeoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961)

Conflicts:

	ssl/heartbeat_test.c
	ssl/ssl.h
	util/mkdef.pl
      789b1259
  9. 22 Jul, 2014 5 commits
  11. 21 Jul, 2014 4 commits
  13. 20 Jul, 2014 2 commits
  15. 19 Jul, 2014 1 commit
  17. 17 Jul, 2014 3 commits
  19. 16 Jul, 2014 1 commit
  21. 15 Jul, 2014 4 commits
  23. 14 Jul, 2014 3 commits
  25. 13 Jul, 2014 3 commits
  27. 10 Jul, 2014 1 commit
  29. 09 Jul, 2014 1 commit